These are stopgap solutions made to imitate aspects of other operating systems, and ultimately "break" the security model of the Mac. Apple knows the end-user is the weakest link in any security model, so by reducing the end-user's capabilities, you limit the risk they pose to the system. I'd rather just use an operating system that doesn't second-guess my choices in the first place.
I don't think a 3rd party package manager "breaks" the security model. I'm pragmatic and that gives me a few choices about flexibility. I'm able to run the software I need locally (Adobe Products) and the shell is familiar and I've got the utilities I need and the languages to interact with them and I'm able to get what I need done. Thankfully my workflow isn't one that requires fighting the OS or tooling support. I spend my time fiddling with the server side of things and now that docker is a thing it's more application side than anything.
Installing homebrew and emacs doesn't require turning off security. Maybe the one about "only run Apple signed software" - is that the default? I don't think it is.
